We are nearing the age of internet of things. Almost every thing we use in our day-to-day life could be connected to internet. Actively or passively ,we send so much of sensitive data to internet. Therefore, monitoring and securing these data is crucial.Android devices provide convenient and flexible solution for penetration testing. Rooted android devices can do almost all the things that a linux devices could do (basic commands). This helps to perform most of the penetration testing techniques.
The following applications require a rooted android device with BusyBox installed.
- Fing: Fing is a professional application,with very user friendly GUI it helps you detect,evaluate and terminate the evaders. It displays list of devices connected to a particular network with the list of mac-addresses. It also offers ping and tracer-route to test network performance.
- Port Scanner : A port is where information goes in and out of a computer. Scanning ports identifies ‘Open doors’ to computers,therefore scanning and securing them is important.This app lets you scan ports on a remote host via its IP and domain name so that you can know which ports are open.
- Interceptor -NG : It is a packet sniffing tool just like wireshark.Since a typical user never notices the data packets being transferred over internet. Certain spyware could secretly send sensitive data packets like IP,passwords out of users’ computer without their knowledge. Interceptor-NG analyzes such packets being sent.
The following tools are described as penetration testing tools and are not intended to use on public networks.
- ANTI : Android Network Toolkit is one of the most powerful softwares for android. It offers the power of Kali on your palm. This application can simulate various attacks like MITM ( Man in the middle attack) , DoS (Denial of Service), password cracking and metasploit. It has popular nmap utility integrated into it.
- DroidSQLi : It’s a popular SQL injection tool for android. DroidSQLi is the first automated MySQL tool for android.It allows you to test your MySQL web application against SQL injection attacks. Similar App : sqlmapchik
- DroidSheep : On a user’s first visit to any dynamic website , a session ID is granted, which is basically used to keep track of the user’s data when the user bounces to different web page in the same website. Droidsheep reads all the packets through a network. It looks at their content and identifies the user’s sessionID and uses its own sessionID,thus hijacking a user’s website in a logged-in state.
The following applications help users stay anonymous on the Internet.
- Orbot : We have all used TOR to access blocked websites in our college . Orobot is an android application from the official TOR project and does exactly that.It is the safest way to stay anonymous on internet instead of using VPNs and proxies. ORWEB is a dedicated web browser for android, also from TOR project.
- openVPN : OpenVPN is the best VPN client for android . As the name suggest it is completely open source and uses 128 bit encryption which is the reason for its agility. It can be configured on any port and remains uncrackable through brute force and will remain so for the forseeable future.